The Economic and Productivity Impact of IT Security on Healthcare

Size: px
Start display at page:

Download "The Economic and Productivity Impact of IT Security on Healthcare"

Transcription

1 The Economic and Productivity Impact of IT Security on Healthcare Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date: May 2013 Ponemon Institute Research Report

2 The Economic & Productivity Impact of IT Security on Healthcare Ponemon Institute, May 2013 Part 1. Introduction The transition from paper-based to electronic medical records has created a dichotomy for the healthcare industry that remains difficult to reconcile. While the implementation of new technologies is designed to improve efficiency and enhance patient care, it also has the potential to introduce risk, so IT departments must ensure that these new systems meet security and regulatory compliance requirements to keep private information protected. As organizations struggle to strike this balance, the use of pagers and other outdated communications technologies continues as the status quo. Communications in healthcare continues to lag behind other industries, in large part because of the perceived security and compliance risks associated with the use of smartphones and other modern technologies. The purpose of this study is to determine the industry-wide economic and productivity impact of this paradigm. The Ponemon Institute surveyed 577 healthcare professionals in organizations that ranged from fewer than 100 beds to more than 500 beds. Overwhelmingly, respondents agreed that the deficient communications tools currently in use decrease productivity and limit the time doctors have to spend with patients. They also recognized the value of implementing smartphones, text messaging and other modern forms of communications, but cited overly restrictive security policies as a primary reason why these technologies are not in use. The key findings of this research, summarized below, can be categorized into three key focus areas: the economic and productivity impact of outdated communications technology; the effects of regulations on the delivery of patient care and technology adoption; and the pervasiveness of data breaches and their impact on healthcare organizations. Economic and Productivity Impact of Outdated Communications Technology According to the study, clinicians waste an average of more than 45 minutes each day due to the use of outdated communications technologies. The primary reason is the inefficiency of pagers (as cited by 52 percent of survey respondents), followed by the lack of Wi-Fi availability (39 percent), the inadequacy of (38 percent) and the inability to use text messaging (36 percent). The Ponemon Institute estimates that this waste of clinicians time costs each U.S. hospital nearly $1 million per year, and based on the number of registered hospitals in the U.S., this translates to a loss of more than $5.1 billion annually across the healthcare industry. Similar deficiencies in communications lengthen patient discharge time, which currently averages about 101 minutes. Sixty-five percent of survey respondents believe that secure text messaging can cut discharge time by about 50 minutes, which the Ponemon Institute estimates could generate more than $3.1 billion in revenue per year across the healthcare industry. Effects of Regulations on the Delivery of Patient Care and Technology Adoption Fifty-one percent of survey respondents say HIPAA compliance requirements can be a barrier to providing effective patient care. Specifically, HIPAA reduces time available for patient care (according to 85 percent of respondents), makes access to electronic patient information difficult (79 percent) and restricts the use of electronic communications (56 percent). Ponemon Institute Research Report Page 1

3 In accordance with the Patient Protection and Affordable Care Act, 62 percent of survey respondents say their organization is an Accountable Care Organization (ACO) or expects to become an ACO within the next 12 months. Forty-four percent of respondents say their organization supports Electronic Prescriptions for Controlled Substances (EPCS) today or expects to add support for EPCS within the next 12 months Pervasiveness and Impact of Data Breaches Sixty-three percent of survey respondents say their organization experienced a data breach that required notification in the past 24 months. In a previous Ponemon Institute study, it was calculated that the average economic impact of a data breach over the past two years for the healthcare organizations was $2.4 million 1. The majority of respondents do not see the problem improving, as 45 percent say their organizations have not experienced a change in the effectiveness in protecting patient information while 30 percent say they are less effective. According to the survey, the most significant result of a data breach or cyber attack is the theft of information assets (according to 56 percent of respondents), followed by productivity decline (51 percent) and system downtime (44 percent). The findings of this research illustrate the challenges healthcare organizations face in their efforts to balance the demand for more modern and efficient communications technologies with the need to maintain security and comply with regulatory requirements. The prevalence of outdated communication technologies results in decreased clinician productivity and lengthier patient discharge times, which can cost the U.S. healthcare industry more than $8.3 billion annually. Despite the substantial economic and productivity impact, the use of pagers and other inefficient communications technologies remains the status quo in healthcare, in large part because security policies and compliance regulations are perceived as barriers to adopting more efficient communications systems. Based on their responses, the IT practitioners and clinicians are aware of the difficult problems they must deal with. However, the inability to identify and implement solutions to these problems is likely to be costly. 1 Third Annual Benchmark Study on Patient Privacy & Data Security, conducted by Ponemon Institute and sponsored by ID Experts, December 2012 Ponemon Institute Research Report Page 2

4 Part 2. Key Findings In this report we have organized the findings according to the following topics: The economic and productivity impact of outdated communications technology in healthcare The effects of regulations on the delivery of patient care and technology adoption The pervasiveness of data breaches and their impact on healthcare organizations Economic and Productivity Impact of Outdated Communications Technology in Healthcare Outdated communication technologies and overly restrictive security policies waste clinicians time. According to the study, clinicians waste an average of 46 minutes each day waiting for patient information as a result of inefficient communication technologies. As shown in Figure 1, the main culprit is the inefficiency of pagers, according to 52 percent of respondents, followed by the inadequacy of , according to 38 percent of respondents. However other barriers to efficiency, according to respondents, include not being able to use Wi-Fi, text messaging and personal mobile devices. Figure 1. The main reason time is wasted waiting for patient information More than one response permitted Pagers are not efficient 52% WIFI is not available 39% is not efficient 38% Text messaging is not allowed 36% Personal mobile devices are not allowed 28% Other 3% 0% 10% 20% 40% 50% 60% Ponemon Institute Research Report Page 3

5 Clinicians time wasted due to outdated communications technologies can cost the healthcare industry more than $5.1 billion annually. The findings of this study and secondary research enabled us to estimate the value of the clinicians idle time per hospital and for the entire healthcare industry. Table 1 shows the calculation that looks at the average clinician wage per hour ($36.40), the average wasted time per hour as self-reported by the respondents (46.2 minutes) and the average number of clinicians per hospital (88). Based on the findings of this research, previous Ponemon Institute research and published data about the healthcare industry, we were able to calculate that security policies and outdated communication technologies can cost the average U.S. hospital $900,259 per year in the value of wasted clinicians time. Based on the number of all registered hospitals in the U.S., the industrywide impact could be approximately $5 billion 2. Table 1. Economic impact of communication inefficiencies Description Calculus Estimate A Average clinician wage per hour Secondary research 3 $36.40 B As a result of current methods of communication, how much time is wasted waiting for patient information each day per clinician (minutes)? Extrapolated survey value 46.2 C Wasted time per hour C = B / 60 minutes 0.77 Value of wasted time per D clinician each day D = A X C $28.03 E F G Average FTE clinician headcount per registered hospital (medical staff only) Secondary research Value of wasted time per hospital each day F = D X E $2,466 Value of wasted time per hospital each year G = F X 365 days $900,259 We estimate that the value of wasted time per hospital each year averages $900,259. Based on the number of registered hospitals (5,724) the value of this is more than $5.1 billion. Table 2. Estimated cost impact for the hospital industry Annual cost impact per hospital industry $900,259 Number of registered hospitals 5 5,724 Estimated incremental value of cost savings for U.S. hospitals each year $5,153,084,577 2 Number of all U.S. registered US hospitals is 5,754, American Hospital Association Resource Center, Chicago, IL. 3 U.S. Department of Labor, Bureau of Labor Statistics. Occupational Employment Statistics. Health, United States, 2011 web updates 4 Third Annual Benchmark Study on Patient Privacy & Data Security, conducted by Ponemon Institute and sponsored by ID Experts, December Ibid 1 Ponemon Institute Research Report Page 4

6 Clinicians time is more often spent on activities away from the patient. In this study, we asked clinicians to allocate 100 points to three categories of tasks performed each day. They allocated 45 points which translate to just 27 minutes of every hour to time spent with patients followed by 30 points to communicating and collaborating with colleagues and another 25 points to using electronic health records and other clinical IT systems, according to Figure 2. Figure 2. Clinicians allocation of time spent on daily tasks A total of 100 points were allocated to all three tasks Face time with patients Communicating and collaborating with colleagues Using electronic health records and other clinical IT systems Outdated communication technologies also contribute to lengthy patient discharge times. On average, it can take 101 minutes to complete the discharge of a patient and about 37 minutes of that time is due to waiting for the doctor, specialist or others to respond with information necessary for the patient s release. While 28 percent of respondents cannot pinpoint the single biggest communication challenge, 26 percent say it is waiting for the doctor to respond to a communication about signing off on the discharge order (as shown in Figure 3). Figure 3. Communication challenges during patient discharge Unable to determine Waiting for the doctor to respond and sign off on the discharge order 26% 28% Communicating with other clinicians about the patient s medication 17% Coordinating with specialists such as physical and occupational therapists and nutritionists 13% Coordinating with the facility the patient is being transferred to such as a nursing home or hospice 10% Not applicable because patients are ambulatory 6% 0% 5% 10% 15% 20% 25% The majority of both IT and clinicians (65 percent) believe the answer is to use secure text messaging to communicate with care teams during the discharge process. In fact, they believe the total discharge time could be reduced on average about 50 minutes by using secure texting. Ponemon Institute Research Report Page 5

7 Lengthy discharge times can cost the healthcare industry more than $3.1 billion in lost revenue annually. The revenue impact of reducing discharge time through IT improvements and other measures could be enormous. Again, the findings from this study and secondary research enable us to calculate the average revenue loss per hospital and for the healthcare industry each year. Table 3 shows the calculation that includes the number of beds per hospital (161.48), the occupancy rate (67.8 percent), average length of stay (2.2 days), average number of patients served per year (18,1650), idle patient time waiting for discharge per year (633 days) and estimated revenue per bed per day ($880). Table 3. Economic impact of lengthy discharge time Description Calculus Estimate A Number of beds on average Secondary research B Number of bed days per year B = A X 365 days 58,942 C Occupancy rate Secondary research % D Adjusted number of bed days per year D = B X C 39,962 E Average length of stay in hospital per admitted patient (days) Secondary research F Average number of patients served per year F = D / E 18,165 G Idle time per patient waiting for discharge (minutes) Extrapolated survey value 50.2 H Idle time waiting for discharge (minutes) for all patients per year H = F X G 911,869 I Idle time waiting for discharge (hours) for all patients per year I = H / 60 minutes 15,198 J Idle time waiting for discharge (days) for all patients per year J = I / 24 hours 633 K Estimated revenue per bed per day Secondary research 9 $880 L Revenue loss per hospital each year L = J X K $557,253 We conclude that the average revenue loss per hospital each year is $557,253. Based on the number of registered hospitals in the U.S., the loss for the entire industry is more than $3.1 billion. Table 4. Estimated revenue impact for the hospital industry Annual revenue impact per hospital industry $557,253 Number of registered hospitals 10 5,724 Estimated incremental value (revenue) gains for U.S. hospitals each year $3,189,717,587 6 National Center for Health Statistics. Health, United States, 2011: With Special Feature on Socioeconomic Status and Health. Hyattsville, MD Ibid 3 8 Ibid 3 9 Ibid 3 10 Ibid 1 Ponemon Institute Research Report Page 6

8 Secure text messaging will replace pagers. As shown in Figure 4, 74 percent of respondents say secure text messaging either has replaced pagers or will replace pagers within the next two years. Figure 4. Secure text messaging will replace pagers in the organization 45% 40% 35% 25% 20% 15% 10% 5% 0% 23% Yes, it is happening right now 21% Yes, within the next 6 months to 1 year 40% Yes, within 1 to 2 years As shown in Figure 5, the use of pagers and phone for communications between clinicians and other hospital personnel will decline significantly, while the use of wearable communication badges and secure texting will increase. Figure 5. Secure communication between clinicians and other hospital personnel More than one response permitted 11% Yes, more than 2 years 2% 3% Never Unsure 90% 80% 70% 60% 50% 40% 20% 10% 0% 83% 68% 58% 57% 44% Paging Phone Wearable communication badge 27% Encrypted 18% 64% Secure Texting Communication in use now Communication planning to use Ponemon Institute Research Report Page 7

9 Patient communications will change. Today the primary method of secure communications between clinicians and patients is phone (according to 81 percent of respondents) followed by postal mail (50 percent). Figure 6 reveals the significant changes in store. While phone and postal mail are expected to decline, web portal and secure texting will be increasingly used to communicate with patients. Figure 6. Secure communication between clinicians and patients More than one response permitted 90% 80% 81% 78% 70% 60% 50% 40% 20% 10% 63% 50% 23% 36% 27% 18% 59% 4% 5% 0% Phone Postal mail Web portal Encrypted Secure Texting Video Conferencing Communication in use now Communication planning to use Web portals are already available to most patients. As shown in Figure 6, the use of web portals to communicate with patients will increase significantly. However, according to Figure 7, 77 percent of respondents say their organization is already using web portals so that patients can view their medical records, schedule appointments and complete other administrative tasks. Figure 7. Patients are provided with access to a web portal 90% 80% 70% 60% 50% 40% 20% 10% 0% 77% 11% 12% Yes No Unsure Ponemon Institute Research Report Page 8

10 Effects of Regulations on the Delivery of Patient Care and Technology Adoption The majority of respondents say their organization is or will become an ACO. As part of the Patient Protection and Affordable Care Act, ACOs are being created to reduce the cost of care as baby boomers enter retirement age. An ACO is a healthcare organization characterized by a payment and care delivery model that ties provider reimbursements to quality metrics and reductions in the total cost of care for an assigned population of patients. According to Figure 8, the majority of respondents (62 percent) say their organizations are an ACO or plan to move to this model within the next 12 months. Figure 8. Transitioning to ACOs We are an ACO 18% We are part of an ACO We plan to become part of an ACO within the next 12 months We have no plans to become an ACO or part of an ACO within the next 12 months 21% 23% 36% Unsure 2% 0% 5% 10% 15% 20% 25% 35% 40% As part of the transition, healthcare organizations will need to ensure that communication and collaboration among healthcare providers is optimized. The efficient and secure sharing of patient records is critical in the ACO model, and as a result, there is expected to be an increase in the number of care providers accessing a patient s records and thus a broader range of locations/endpoints from which a patient s records may be accessed. Fewer tests and procedures mean more care providers will need access to fewer results, which will likely test the ability of electronic communications to meet the needs of clinicians. In order to communicate with patients, these ACOs will use a web portal or secure text messaging, as shown in Figure 9. Figure 9. ACO communication with patients on an ongoing basis More than one response permitted 90% 80% 70% 78% 69% 60% 50% 40% 35% 32% 20% 10% 3% 2% 0% Web portal Secure text messaging Encrypted Health Information Exchanges Social media Other Ponemon Institute Research Report Page 9

11 Compliance regulations are the primary barrier to achieving a strong IT security posture. As highlighted in Figure 10, 59 percent of respondents say that complexity of compliance and regulatory requirements is the primary barrier to their organization achieving a strong IT security posture while 54 percent cite the lack of senior leadership s commitment to achieving a strong security posture. Figure 10. Barriers to achieving a strong IT security posture Three choices permitted Complexity of compliance and regulatory requirements Leadership lacks commitment to achieving a strong security posture Lack of skilled or expert personnel 50% 54% 59% Lack of oversight or governance Security resources and/or budget are inadequate Poor visibility of people and operations 26% 33% 31% Security technology solutions are ineffective in reducing risks Security risk assessments are not conducted as often as they should be Lack of ongoing security education and training 10% 19% 16% Other 2% 0% 10% 20% 40% 50% 60% 70% Ponemon Institute Research Report Page 10

12 HIPAA regulations impact patient care. Slightly more than half (51 percent) of respondents say HIPAA security and privacy regulations make it more difficult to deliver quality patient care. Specifically, as shown in Figure 11, HIPAA reduces time available for patient care (according to 85 percent of respondents), makes access to electronic patient information difficult (79 percent) and restricts the use of electronic communications (56 percent). Figure 11. How HIPAA regulations diminish the delivery of quality patient care More than one response permitted Reduces time available for patient care because of compliance tasks Makes access to electronic patient information difficult Limits the ability to access patient information remotely 64% 79% 85% Restricts the use of electronic communications Restricts the use of personal mobile devices 56% 54% Constrains communication with patients and peers 26% None of the above Unsure 2% 5% Electronic Prescriptions for Controlled Substances (EPCS) not widely adopted. Only 18 percent of respondents say their organizations support EPCS and another 26 percent say their organizations plan to adopt EPCS within 12 months. According to Figure 12, if they do plan to adopt, the primary reason is to reduce costs (according to 50 percent of respondents) followed by increased quality of care (35 percent). Figure 12. Reasons to adopt EPCS Two choices permitted 60% 50% 50% 0% 10% 20% 40% 50% 60% 70% 80% 90% 40% 35% 20% 29% 28% 28% 21% 10% 9% 0% Reduced costs Increased quality of care Increased accuracy Regulatory mandates Greater efficiency Improved security Improved privacy Ponemon Institute Research Report Page 11

13 Fifty-four percent of survey respondents say EPCS will improve patient safety. According to Figure 13, safety will be improved by reducing errors in filing prescriptions because of illegible handwriting and limiting abuse of overprescribing controlled substances. Figure 13. How patient safety will be improved More than one response permitted Reduce errors in filling prescriptions because of illegible handwriting Limit abuse of overprescribing controlled substances Reduce the occurrence of drug interactions because of access to patient s prescription history 57% 64% 68% More efficient filling of prescriptions 45% Reduce the occurrence of allergic reactions because of access to patient s prescription history 26% None of the above 3% 0% 10% 20% 40% 50% 60% 70% 80% Ponemon Institute Research Report Page 12

14 Pervasiveness of Data Breaches and their Impact on Healthcare Organizations Data breach incidents are frequent and can be costly. As shown in Figure 14, 63 percent of survey respondents say their organization experienced a data breach that required notification in the past 24 months. In a previous Ponemon Institute study, it was calculated that the average economic impact of a data breach over the past two years for the healthcare organizations was $2.4 million 11. Figure 14. A data breach has occurred that required notification in the past 24 months 70% 60% 50% 40% 20% 10% 0% 63% 25% 12% Yes No Unsure Clinicians are more detached from cyber attacks and data breaches in their organizations. The IT healthcare practitioners surveyed are more aware about data breaches occurring in their organizations. Eighty percent of IT practitioners say their organization had a data breach in the past 24 months, as shown in Figure 15. In contrast, slightly more than half (51 percent) say their organization had such an incident, a more than 29 percent difference. The uncertainty over whether there was a data breach is also higher among clinicians (36 percent vs. 9 percent of IT practitioners). Figure 15. IT practitioners vs. clinicians awareness of data breaches 90% 80% 70% 60% 50% 40% 20% 10% 0% 80% 51% 36% 11% 13% 9% Yes No Unsure IT Clinician 11 Third Annual Benchmark Study on Patient Privacy & Data Security, conducted by Ponemon Institute and sponsored by ID Experts, December 2012 Ponemon Institute Research Report Page 13

15 IT practitioners have a different view of the severity of data breaches. On average, IT practitioners say more than 9,000 records were lost or stolen per data breach while clinicians estimate slightly more than 3,000 records were lost or stolen. Effectiveness in protecting patient information has not improved in many organizations. Despite the frequency of data breaches, 45 percent of respondents say their organizations have not experienced a change in the effectiveness in protecting patient information and 30 percent say they are less effective, as shown in Figure 16. Figure 16. Ability to protect patient information 50% 45% 40% 35% 25% 20% 15% 10% 5% 0% 18% 45% More effective Less effective No change in effectiveness 7% Cannot determine The majority of organizations experienced a cyber attack or intrusion of their IT infrastructure in the past 24 months. As shown in Figure 17, 27 percent of survey respondents are absolutely certain such an incident occurred, 34 percent say it was most likely to have occurred and 20 percent are uncertain. Figure 17. Occurrence of a cyber attack 40% 35% 25% 20% 15% 10% 5% 0% 34% 27% 19% 20% Yes, absolutely certain Yes, most likely No Unsure Ponemon Institute Research Report Page 14

16 Once again, IT practitioners are more aware of security incidents. As shown in Figure 18, 31 percent of IT practitioners are aware of a cyber attack while only 24 percent are certain that such an incident occurred. Figure 18. IT practitioners vs. clinicians awareness of cyber attacks 45% 40% 35% 25% 20% 15% 10% 5% 0% 31% 24% 40% 20% 18% Yes, absolutely certain Yes, most likely No Unsure 9% 28% IT Clinician The most negative consequences of a cyber attack are theft of information assets (according to 56 percent of survey respondents), productivity decline (51 percent) and system downtime (44 percent). The least negative are patient churn or turnover (8 percent) and regulatory actions, fines or lawsuits (4 percent), as shown in Figure 19. Figure 19. Most negative consequences of a cyber attack or intrusion More than one response permitted Theft of information assets 56% Productivity decline 51% System downtime 44% Cost of outside consultants and experts 23% Reputation damage 14% Patient churn or turnover 8% Regulatory actions, fines or lawsuits 4% 0% 10% 20% 40% 50% 60% Ponemon Institute Research Report Page 15

17 Part 3. Methods A sampling frame of 13,560 healthcare professionals located in all regions of the United States was selected as participants to this survey. As shown in Table 5, 636 respondents completed the survey. Screening and reliability checks removed 59 surveys. The final sample was 577 surveys (or a 4.3 percent response rate). Table 5: Survey response Freq Pct Combined sampling frame 13, % Total returns % Rejected and screened surveys % Final sample % Pie Chart 1 reports the respondents organization type. This chart identifies private healthcare provider (54 percent) as the largest segment, followed by public healthcare provider (43 percent). Pie Chart 1. Respondents organization 3% Private healthcare provider 43% 54% Public healthcare provider Other According to Pie Chart 2, slightly less than half of respondents (46 percent) are from community hospitals, 45 percent reported they are from a healthcare system and six percent are from outpatient ambulatory services. Pie Chart 2. Organization s operating structure 6% 3% Community hospital 46% Healthcare system Outpatient ambulatory services 45% Other Ponemon Institute Research Report Page 16

18 As shown in Pie Chart 3, 77 percent of respondents reported from facilities with a patient bed count greater than 100 beds. Pie Chart 3. Patient beds (capacity) in the healthcare facility or organization 24% 23% Less than to to % More than 500 Ponemon Institute Research Report Page 17

19 Part 4: Caveats There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys. Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are healthcare professionals. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a holdout period. Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response. Ponemon Institute Research Report Page 18

20 Appendix: Detailed Survey Results The following tables provide the frequency or percentage frequency of responses to all survey questions contained in this study. Survey response Freq Pct Combined sampling frame 13, % Total returns % Rejected and screened surveys % Final sample % Screening question S1. What best describes your role? Overall IT Clinician IT director IT manager Chief information officer (CIO) Chief medical information officer (CMIO) Chief medical officer (CMO) Clinician, department head Clinician, staff Hospital administration None of the above (Stop) Total Subsample weights 100% 41% 59% Part 1. Questions about IT security and patient data protection Q1. In your role, how much responsibility do you have to protect sensitive and confidential patient information? Overall IT Clinician Full responsibility 15% 21% 11% Some responsibility 73% 70% 75% Minimal or no responsibility 12% 9% 14% Q2a. Has your organization experienced a data breach that required notification in the past 24 months? Overall IT Clinician Yes 63% 80% 51% No 12% 11% 13% Unsure 25% 9% 36% Q2b. If yes, please estimate the following: Q2b-1. The number of patient records lost or stolen in the past 24 months. Overall IT Clinician 1 to % 23% 8% 501 to 1,000 23% 25% 22% 1,001 to 5,000 17% 20% 15% 5,001 to 10,000 3% 5% 2% 10,001 to 50,000 2% 5% 0% 50,001 to 100,000 2% 4% 1% More than 100,000 1% 2% 0% Unable to determine 38% 16% 53% Extrapolated values 6,544 9,310 3,140 Ponemon Institute Research Report Page 19

21 Q2b-2. The number of separate data breach incidents under 500 records lost or stolen in the past 24 months. Overall IT Clinician Zero 5% 4% 6% 1 11% 12% 10% 2 13% 23% 6% 3 14% 21% 9% 4 11% 18% 6% 5 5% 7% 4% More than 5 4% 6% 3% Unable to determine 37% 9% 56% Extrapolated values Q3a. Did your organization experience a cyber attack or intrusion of your IT infrastructure in the past 24 months? Overall IT Clinician Yes, absolutely certain 27% 31% 24% Yes, most likely 34% 40% No 19% 20% 18% Unsure 20% 9% 28% Q3b. If yes, what were the two most negative consequences to your organization? Overall IT Clinician Theft of information assets 56% 63% 51% Productivity decline 51% 37% 63% System downtime 44% 62% 32% Regulatory actions, fines or lawsuits 4% 5% 3% Reputation damage 14% 16% 13% Patient churn or turnover 8% 5% 10% Cost of outside consultants and experts 23% 12% 28% Total 200% 200% 200% Q4. What statement best describes changes to your organization s ability to protect patient information over the past 24 months? Overall IT Clinician More effective in protecting patient information 18% 20% 17% Less effective in protecting patient information 33% 28% No change in effectiveness in protecting patient information 45% 43% 46% Cannot determine 7% 4% 9% Q5. What do you see as the most significant barriers to achieving a strong IT security posture within your organization today? Please select your top three choices. Overall IT Clinician Security resources and/or budget are inadequate 31% 32% Security technology solutions are ineffective in reducing risks 19% 23% 16% Lack of skilled or expert personnel 50% 65% 40% Lack of ongoing security education and training 10% 8% 11% Leadership lacks commitment to achieving a strong security posture 54% 49% 57% Lack of oversight or governance 33% 23% 40% Poor visibility of people and operations 26% 23% 28% Security risk assessments are not conducted as often as they should be 16% 12% 19% Complexity of compliance and regulatory requirements 59% 64% 56% Other (please specify) 2% 1% 3% Total 300% 300% 300% Ponemon Institute Research Report Page 20

22 Q6. In your organization, how do health care providers (clinicians) authenticate their access to desktops, and laptops? Please select all that apply. Overall IT Clinician Username and password 88% 86% 89% Proximity badge/card 25% 22% Finger biometric 14% 12% 15% Other 3% 5% 2% Total 1 133% 128% Q7. Does your organization use single sign-on to access applications? Overall IT Clinician Yes 26% 31% 23% No 56% 60% 53% Unsure 18% 9% 24% Q8a. What dollar range best describes your organization s IT budget in the present fiscal year? When choosing the range, please exclude nonrecurring capital investments. Overall IT Clinician Less than $2 million 0% 0% 0% $2 to $4 million 1% 1% 1% $4 to $6 million 1% 2% 0% $6 to $8 million 0% 0% 0% $8 to $10 million 1% 1% 1% $10 to $12 million 3% 4% 2% $12 to $14 million 1% 1% 1% $14 to $16 million 3% 5% 2% $16 to $18 million 10% 13% 8% $18 to $20 million 12% 18% 8% $20 to $25 million 18% 21% 16% More than $25 million 13% 16% 11% Unable to determine 37% 18% 50% Extrapolated values in US$ millions Q8b. What percentage best describes the proportion of IT security spending relative to the total IT budget in the present fiscal year? Overall IT Clinician Zero 0% 0% 0% Less than 5% 10% 12% 9% 6% to 10% 23% 32% 17% 11% to 15% 12% 15% 10% 16% to 20% 9% 11% 8% 21% to 6% 8% 5% 31% to 40% 3% 5% 2% 41% to 50% 0% 0% 0% More than 50% 0% 0% 0% Unable to determine 37% 17% 51% Extrapolated values 13% 13% 12% Ponemon Institute Research Report Page 21

23 Part 2. Communication technologies for clinicians and patients Q9. When will your organization adopt EPCS for patient services? Overall IT Clinician In use today 18% 20% 17% Within 12 months 26% 22% 29% 12 to 24 months 32% 29% 34% No plans to adopt 21% 23% 20% Do not know 3% 6% 1% Q10. What are the top two reasons to adopt EPCS? Overall IT Clinician Regulatory mandates 28% 42% 18% Increased accuracy 29% 25% 32% Increased quality of care 35% 29% 39% Improved security 21% 19% 22% Improved privacy 9% 13% 6% Reduced costs 50% 49% 51% Greater efficiency 28% 23% 31% Other 0% 0% 0% Total 200% 200% 200% Q11a. Will EPCS improve patient safety? Overall IT Clinician Yes 54% 43% 62% No 33% 34% 32% Unsure 13% 23% 6% Q11b. If yes, how will patient safety be improved? Overall IT Clinician Limit abuse of overprescribing controlled substances 64% 51% 73% Reduce the occurrence of drug interactions because of access to patient s prescription history 57% 56% 58% Reduce the occurrence of allergic reactions because of access to patient s prescription history 26% 28% 25% More efficient filling of prescriptions 45% 41% 48% Reduce errors in filling prescriptions because of illegible handwriting 68% 65% 70% None of the above 3% 2% 4% Total 263% 243% 277% Q12. Will EPCS limit the abuse of controlled substances? Overall IT Clinician Yes 63% 54% 69% No 23% 24% 22% Unsure 14% 22% 9% Q13. In a typical day, how is your time allocated for the following tasks? Please allocate a total of 100 points to all three tasks in the table below. Allocated points Allocated points Allocated points Face time with patients Using electronic health records and other clinical IT systems Communicating and collaborating with colleagues Total Ponemon Institute Research Report Page 22

24 Q14a. As a result of current methods of communication, how much time is wasted waiting for patient information (each day per clinician)? Overall IT Clinician Zero 5% 4% 6% Less than 15 minutes 18% 21% 16% 15 to 30 minutes 33% 28% 36% 31 to 60 minutes 16% 18% 15% 1 to 2 hours 13% 8% 16% 2 to 3 hours 8% 9% 7% 3 to 4 hours 0% 0% 0% More than 4 hours 1% 1% 1% Unsure 6% 11% 3% Extrapolated values Q14b. If time is wasted, what are the main reasons? Overall IT Clinician Pagers are not efficient 52% 48% 55% is not efficient 38% 41% 36% WIFI is not available 39% 36% 41% Text messaging is not allowed 36% 38% 35% Personal mobile devices are not allowed 28% 24% 31% Other 3% 2% 4% Total 196% 189% 201% Q15. Please select the tools your organization will use to achieve the 5 percent patient engagement requirement for Meaningful Use Stage 2. Overall IT Clinician Secure texting 63% 68% 60% Encrypted 48% 51% 46% Phone 31% 35% 28% Video conferencing 42% 40% 43% Patient portal 65% 65% 65% Health information exchange (HIE) 34% 36% 33% Population management tools 21% 15% 25% Unable to determine 28% 31% Total 334% 338% 331% Q16. What percentage best describes the proportion of IT spending dedicated to patient engagement requirements to the total IT budget in the present fiscal year? Overall IT Clinician Zero 3% 5% 2% Less than 5% 5% 7% 4% 6% to 10% 12% 13% 11% 11% to 15% 26% 31% 23% 16% to 20% 16% 15% 17% 21% to 5% 7% 4% 31% to 40% 3% 5% 2% 41% to 50% 2% 3% 1% More than 50% 1% 0% 2% Unable to determine 27% 14% 36% Extrapolated values 15% 15% 16% Ponemon Institute Research Report Page 23

25 Q17. Following the decision to release a patient, what is the average length of time it takes to complete the discharge? Overall IT Clinician Zero 0% 0% 0% Less than 15 minutes 2% 3% 1% 15 to 30 minutes 6% 5% 7% 31 to 60 minutes 15% 13% 16% 1 to 2 hours 20% 18% 21% 2 to 3 hours 11% 11% 11% 3 to 4 hours 6% 5% 7% More than 4 hours 4% 5% 3% Not applicable because patients are ambulatory (i.e. a clinic) 6% 4% 7% Unable to determine 36% 26% Extrapolated values Q18. On average, what percentage of discharge time is due to waiting for the doctor, specialist or others to respond with information necessary to the patient s release? Overall IT Clinician No time is spent waiting for a response 2% 1% 3% About 10% of the discharge time 4% 5% 3% About 20% of the discharge time 5% 4% 6% About of the discharge time 16% 14% 17% About 40% of the discharge time 18% 17% 19% About 50% of the discharge time 12% 11% 13% More than 50% of the discharge time 8% 9% 7% Not applicable because patients are ambulatory (i.e. a clinic) 6% 4% 7% Unable to determine 29% 35% 25% Extrapolated values 37% 37% 36% Q19. During discharge, what is the single biggest communication challenge? Overall IT Clinician Communicating with other clinicians about the patient s medication 17% 14% 19% Waiting for the doctor to respond and sign off on the discharge order 26% 21% 29% Coordinating with specialists such as physical and occupational therapists and nutritionists 13% 11% 14% Coordinating with the facility the patient is being transferred to such as a nursing home or hospice 10% 8% 11% Not applicable because patients are ambulatory (i.e. a clinic) 6% 7% 5% Unable to determine 28% 39% 20% Q20a. Would the use of secure text messaging to communicate with care teams during the discharge process reduce the total discharge time? Overall IT Clinician Yes 65% 61% 68% No 18% 17% 19% Unsure 11% 16% 8% Not applicable because patients are ambulatory (i.e. a clinic) 6% 6% 6% Ponemon Institute Research Report Page 24

26 Q20b. If yes, on average how much time do you believe would be saved during each discharge event? Overall IT Clinician Zero 3% 2% 4% Less than 15 minutes 4% 5% 3% 15 to 30 minutes 27% 23% 31 to 60 minutes 19% 16% 21% 1 to 2 hours 12% 12% 12% 2 to 3 hours 5% 4% 6% 3 to 4 hours 1% 0% 2% More than 4 hours 0% 0% 0% Unable to determine 29% 38% 23% Extrapolated values Q21. Will secure text messaging replace pagers in your organization? Overall IT Clinician Yes, it is happening right now 23% 22% 24% Yes, within the next 6 months to 1 year 21% 23% 20% Yes, with 1 to 2 years 26% 33% Yes, more than 2 years 11% 13% 10% Never 2% 2% 2% Unsure 13% 14% 12% Q22. What does your organization now use for secure communication between clinicians and other hospital personnel? Please select all that apply. Overall IT Clinician Paging (including two-way paging and alpha paging) 83% 85% 82% Secure Texting 18% 19% 17% Encrypted 27% 25% 28% Phone 68% 67% 69% Wearable communication badge 44% 43% 45% Total 240% 239% 241% Q23. What does your organization plan to use for secure communication between clinicians and other hospital personnel? Please select all that apply Overall IT Clinician Paging (including two-way paging and alpha paging) 29% 31% Secure Texting 64% 62% 65% Encrypted 28% 31% Phone 58% 56% 59% Wearable communications badge 57% 54% 59% Total 239% 229% 246% Q24. What does your organization now use for secure communication between clinicians and patients? Please select all that apply. Overall IT Clinician Postal mail 50% 51% 49% Web portal 36% 38% 35% Secure Texting 18% 16% 19% Encrypted 27% 24% 29% Phone 81% 79% 82% Video Conferencing 4% 2% 5% Total 216% 210% 220% Ponemon Institute Research Report Page 25

27 Q25. What does your organization plan to use for secure communication between clinicians and patients? Please select all that apply. Overall IT Clinician Postal mail 23% 21% 24% Web portal 78% 76% 79% Secure Texting 59% 60% 58% Encrypted 27% 32% Phone 63% 60% 65% Video Conferencing 5% 3% 6% Total 258% 247% 266% Q26. Does your organization use or plan to use text-messaging services for the purpose of communicating directly with patients? Overall IT Clinician Already using 18% 16% 19% Yes, within 12 months 25% 24% 26% Yes, within 24 months 26% 23% 28% No 24% 23% 25% Unsure 7% 14% 2% Q27. What best describes your organization today? Overall IT Clinician We are an ACO 18% 18% 18% We are part of an ACO 23% 21% 24% We plan to become part of an ACO within the next 12 months 21% 16% 24% We have no plans to become an ACO or part of an ACO within the next 12 months 36% 40% 33% Unsure 2% 5% 0% Q28. If your organization is or plans to be a part of an ACO, how will it communicate with patients on an ongoing basis? Please select all that apply. Overall IT Clinician Web portal 78% 76% 79% Encrypted 35% 34% 36% Secure text messaging 69% 64% 72% Health Information Exchanges (HIE) 32% 33% Social media 3% 2% 4% Other (please specify) 2% 0% 3% Total 219% 206% 228% Q29. Does your organization provide patients with access to a web portal that allows them to see their medical records, scheduled appointments and other administrative information? Overall IT Clinician Yes 77% 79% 76% No 11% 13% 10% Unsure 12% 8% 15% Q30. Are you aware of patients requesting a way to access their health information electronically online or through a mobile device? Overall IT Clinician Yes, only online 14% 12% 15% Yes, only mobile 19% 17% 20% Yes, both online and mobile 26% 28% 25% No 38% 36% 39% Unsure 3% 7% 0% Ponemon Institute Research Report Page 26

28 Q31a. Do you believe the HIPAA security and privacy regulations make it more difficult for your organization to deliver quality patient care? Overall IT Clinician Yes 51% 48% 53% No 43% 42% 44% Unsure 6% 10% 3% Q31b. If yes, how do these regulations diminish the delivery of quality patient care? Please select all that apply. Overall IT Clinician Makes access to electronic patient information difficult 79% 76% 81% Restricts the use of electronic communications 56% 52% 59% Restricts the use of personal mobile devices 54% 53% 55% Limits the ability to access patient information remotely 64% 62% 65% Constrains communication with patients and peers 26% 28% 25% Reduces time available for patient care because of compliance tasks 85% 82% 87% None of the above 5% 4% 6% Unsure 2% 4% 1% Total 371% 361% 378% Q32a. Do you work at more than one healthcare facility? Overall IT Clinician Yes 46% 46% No 54% 54% Total 100% 100% Q32b. If yes, how many facilities? Overall IT Clinician 2 44% 44% 3 32% 32% 4 11% 11% 5 5% 5% More than 5 8% 8% Total 100% 100% Part 4. Demographics and organizational characteristics D1. What best describes your organization? Overall IT Clinician Public healthcare provider 43% 41% 44% Private healthcare provider 54% 55% 53% Other 3% 4% 2% D2. What best describes your organization s operating structure? Overall IT Clinician Healthcare system 45% 46% 44% Community hospital (standalone) 46% 47% 45% Outpatient ambulatory services 6% 6% 6% Other 3% 1% 4% D3. How many patient beds (capacity) does your healthcare facility or organization have? Overall IT Clinician Less than % 18% 26% 101 to % 35% 301 to % 18% More than % 29% 21% Ponemon Institute Research Report Page 27

29 D4. Regional location of the healthcare provider Overall IT Clinician Northeast 20% 19% 21% Mid-Atlantic 18% 18% 17% Midwest 18% 18% 18% Southeast 13% 14% 12% Southwest 12% 12% 12% Pacific-West 20% 19% 20% For more information about this study, please contact Ponemon Institute by sending an to or calling our toll free line at Ponemon Institute Advancing Responsible Information Management Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions. Ponemon Institute Research Report Page 28

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date:

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report

More information

A Study of Retail Banks & DDoS Attacks

A Study of Retail Banks & DDoS Attacks A Study of Retail Banks & DDoS Attacks Sponsored by Corero Network Security Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report A Study of

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report

More information

Data Breach: The Cloud Multiplier Effect

Data Breach: The Cloud Multiplier Effect Data Breach: The Cloud Multiplier Effect Sponsored by Netskope Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Part 1. Introduction Data Breach:

More information

Is Your Company Ready for a Big Data Breach?

Is Your Company Ready for a Big Data Breach? Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication

More information

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices

More information

Electronic Health Information at Risk: A Study of IT Practitioners

Electronic Health Information at Risk: A Study of IT Practitioners Electronic Health Information at Risk: A Study of IT Practitioners Sponsored by LogLogic Conducted by Ponemon Institute LLC October 15, 2009 Ponemon Institute Research Report Executive summary Electronic

More information

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA)

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Sponsored by Property Casualty Insurers Association of America Independently conducted by Ponemon Institute LLC Publication

More information

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013

More information

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security Understaffed and at Risk: Today s IT Security Department Sponsored by HP Enterprise Security Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute Research

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part I: Deficient, Disconnected & in the Dark Sponsored by Websense, Inc. Independently conducted by Ponemon Institute LLC Publication Date: April

More information

The Unintentional Insider Risk in United States and German Organizations

The Unintentional Insider Risk in United States and German Organizations The Unintentional Insider Risk in United States and German Organizations Sponsored by Raytheon Websense Independently conducted by Ponemon Institute LLC Publication Date: July 2015 2 Part 1. Introduction

More information

The Security Impact of Mobile Device Use by Employees

The Security Impact of Mobile Device Use by Employees The Security Impact of Mobile Device Use by Employees Sponsored by Accellion Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report The Security

More information

Understanding Security Complexity in 21 st Century IT Environments:

Understanding Security Complexity in 21 st Century IT Environments: Understanding Security Complexity in 21 st Century IT Environments: A study of IT practitioners in the US, UK, France, Japan & Germany Sponsored by Check Point Software Technologies Independently conducted

More information

Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin

Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin Risk & Innovation in Cybersecurity Investments Sponsored by Lockheed Martin Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report Part 1. Introduction

More information

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Achieving Security in Workplace File Sharing Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction Achieving

More information

National Survey on Data Center Outages

National Survey on Data Center Outages National Survey on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Part 1. Executive Summary National Survey on Data Center Outages Ponemon Institute,

More information

Reputation Impact of a Data Breach U.S. Study of Executives & Managers

Reputation Impact of a Data Breach U.S. Study of Executives & Managers Reputation Impact of a Data Breach U.S. Study of Executives & Managers Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon

More information

Data Security in Development & Testing

Data Security in Development & Testing Data Security in Development & Testing Sponsored by Micro Focus Independently conducted by Ponemon Institute LLC Publication Date: July 31, 2009 Ponemon Institute Research Report Data Security in Development

More information

Third Annual Study: Is Your Company Ready for a Big Data Breach?

Third Annual Study: Is Your Company Ready for a Big Data Breach? Third Annual Study: Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute

More information

The Importance of Cyber Threat Intelligence to a Strong Security Posture

The Importance of Cyber Threat Intelligence to a Strong Security Posture The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

The Aftermath of a Data Breach: Consumer Sentiment

The Aftermath of a Data Breach: Consumer Sentiment The Aftermath of a Data Breach: Consumer Sentiment Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research

More information

The SQL Injection Threat Study

The SQL Injection Threat Study The SQL Injection Threat Study Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: April 2014 1 The SQL Injection Threat Study Presented by Ponemon Institute, April

More information

The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015

The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015 The State of Data Security Intelligence Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report The State of Data Security

More information

The TCO of Software vs. Hardware-based Full Disk Encryption Summary

The TCO of Software vs. Hardware-based Full Disk Encryption Summary The TCO of vs. -based Full Disk Encryption Summary Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Industry Co-Sponsors Ponemon Institute Research Report

More information

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Security of Paper Records & Document Shredding Sponsored by Cintas Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction

More information

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage Sponsored by ObserveIT Independently conducted by Ponemon Institute LLC June 2015 Ponemon Institute Research Report

More information

2012 Application Security Gap Study: A Survey of IT Security & Developers

2012 Application Security Gap Study: A Survey of IT Security & Developers 2012 Application Gap Study: A Survey of IT & s Research sponsored by Innovation Independently Conducted by Ponemon Institute LLC March 2012 1 2012 Application Gap Study: A Survey of IT & s March 2012 Part

More information

Data Security in the Evolving Payments Ecosystem

Data Security in the Evolving Payments Ecosystem Data Security in the Evolving Payments Ecosystem Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report

More information

Global Insights on Document Security

Global Insights on Document Security Global Insights on Document Security Sponsored by Adobe Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Global Insights on Document Security

More information

Third Annual Survey on Medical Identity Theft

Third Annual Survey on Medical Identity Theft Third Annual Survey on Medical Identity Theft Sponsored by Experian s ProtectMyID Independently conducted by Ponemon Institute LLC Publication Date: June 2012 Ponemon Institute Research Report Part 1:

More information

The Cost of Web Application Attacks

The Cost of Web Application Attacks The Cost of Web Application Attacks Sponsored by Akamai Technologies Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report Part 1. Introduction The

More information

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S.

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon

More information

Privacy and Security in a Connected Life: A Study of European Consumers

Privacy and Security in a Connected Life: A Study of European Consumers Privacy and Security in a Connected Life: A Study of European Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research

More information

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners Sponsored by Vormetric Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon Institute

More information

Defining the Gap: The Cybersecurity Governance Study

Defining the Gap: The Cybersecurity Governance Study Defining the Gap: The Cybersecurity Governance Study Sponsored by Fidelis Cybersecurity Independently conducted by Ponemon Institute LLC Publication Date: June 2015 Ponemon Institute Research Report Defining

More information

How Much Is the Data on Your Mobile Device Worth?

How Much Is the Data on Your Mobile Device Worth? How Much Is the Data on Your Mobile Device Worth? Sponsored by Lookout Independently conducted by Ponemon Institute LLC Publication Date: January 2016 Ponemon Institute Research Report Part 1. Introduction

More information

2014: A Year of Mega Breaches

2014: A Year of Mega Breaches 2014: A Year of Mega Breaches Sponsored by Identity Finder Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report Part 1. Introduction 2014: A

More information

Second Annual Benchmark Study on Patient Privacy & Data Security

Second Annual Benchmark Study on Patient Privacy & Data Security Second Annual Benchmark Study on Patient Privacy & Data Security Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: December 2011 Ponemon Institute Research Report

More information

Aftermath of a Data Breach Study

Aftermath of a Data Breach Study Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath

More information

Cyber Security on the Offense: A Study of IT Security Experts

Cyber Security on the Offense: A Study of IT Security Experts Cyber Security on the Offense: A Study of IT Security Experts Co-authored with Radware Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report

More information

Compliance Cost Associated with the Storage of Unstructured Information

Compliance Cost Associated with the Storage of Unstructured Information Compliance Cost Associated with the Storage of Unstructured Information Sponsored by Novell Independently conducted by Ponemon Institute LLC Publication Date: May 2011 Ponemon Institute Research Report

More information

The SQL Injection Threat & Recent Retail Breaches

The SQL Injection Threat & Recent Retail Breaches The SQL Injection Threat & Recent Retail Breaches Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2014 1 Part 1. Introduction The SQL Injection Threat &

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

The Importance of Senior Executive Involvement in Breach Response

The Importance of Senior Executive Involvement in Breach Response The Importance of Senior Executive Involvement in Breach Response Sponsored by HP Enterprise Security Services Independently conducted by Ponemon Institute LLC Publication Date: October 2014 The Importance

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part 2: Roadblocks, Refresh and Raising the Human Security IQ Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication

More information

Encryption in the Cloud

Encryption in the Cloud Encryption in the Cloud Who is responsible for data protection in the cloud? Sponsored by Thales e-security Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute

More information

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Ponemon Institute Research Report Part

More information

Security Metrics to Manage Change: Which Matter, Which Can Be Measured?

Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Sponsored by FireMon Independently conducted by Ponemon Institute LLC Publication Date: April 2014 2 Security Metrics to Manage Change:

More information

Privileged User Abuse & The Insider Threat

Privileged User Abuse & The Insider Threat Privileged User Abuse & The Insider Threat Commissioned by Raytheon Company Independently conducted by Ponemon Institute LLC Publication Date: May 2014 1 Privileged User Abuse & The Insider Threat Ponemon

More information

Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data

Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data Independently conducted by Ponemon Institute LLC Publication Date: February 23, 2009 Sponsored by Symantec Corporation Ponemon

More information

Economic impact of privacy on online behavioral advertising

Economic impact of privacy on online behavioral advertising Benchmark study of Internet marketers and advertisers Independently Conducted by Ponemon Institute LLC April 30, 2010 Ponemon Institute Research Report Economic impact of privacy on online behavioral advertising

More information

2013 Study on Data Center Outages

2013 Study on Data Center Outages 2013 Study on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: September 2013 2013 Study on Data Center Outages Ponemon Institute, September 2013 Part 1. Introduction

More information

Fourth Annual Benchmark Study on Patient Privacy & Data Security

Fourth Annual Benchmark Study on Patient Privacy & Data Security Fourth Annual Benchmark Study on Patient Privacy & Data Security Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Ponemon Institute Research Report

More information

The State of Mobile Application Insecurity

The State of Mobile Application Insecurity The State of Mobile Application Insecurity Sponsored by IBM Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1. Introduction The State

More information

2013 Cost of Data Center Outages

2013 Cost of Data Center Outages 2013 Cost of Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Part 1. Executive Summary 2013 Cost of Data Center Outages Ponemon Institute, December

More information

Corporate Data: A Protected Asset or a Ticking Time Bomb?

Corporate Data: A Protected Asset or a Ticking Time Bomb? Corporate Data: A Protected Asset or a Ticking Time Bomb? Sponsored by Varonis Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report Corporate

More information

The Fraud Report: How Fake Users Are Impacting Business

The Fraud Report: How Fake Users Are Impacting Business The Fraud Report: How Fake Users Are Impacting Business Sponsored by TeleSign Independently conducted by Ponemon Institute LLC Publication Date: November 2015 Ponemon Institute Research Report The Fraud

More information

Security of Cloud Computing Users Study

Security of Cloud Computing Users Study Security of Cloud Computing Users Study Sponsored by CA Technologies Independently conducted by Ponemon Institute, LLC Publication Date: March 2013 Security of Cloud Computing Users Study March 2013 Part

More information

2015 Global Study on IT Security Spending & Investments

2015 Global Study on IT Security Spending & Investments 2015 Study on IT Security Spending & Investments Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Sponsored by Part 1. Introduction Security risks are pervasive and becoming

More information

Cloud Security: Getting It Right

Cloud Security: Getting It Right Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon

More information

2013 Survey on Medical Identity Theft

2013 Survey on Medical Identity Theft 2013 Survey on Medical Identity Theft Sponsored by the Medical Identity Fraud Alliance with support from ID Experts Independently conducted by Ponemon Institute LLC Publication Date: September 2013 Ponemon

More information

Breaking Bad: The Risk of Insecure File Sharing

Breaking Bad: The Risk of Insecure File Sharing Breaking Bad: The Risk of Insecure File Sharing Sponsored by Intralinks Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research Report Breaking Bad: The

More information

How Single Sign-On Is Changing Healthcare: SSO Vendor Comparison

How Single Sign-On Is Changing Healthcare: SSO Vendor Comparison How Single Sign-On Is Changing Healthcare: SSO Vendor Comparison Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon Institute Research Report How

More information

The State of Data Centric Security

The State of Data Centric Security The State of Data Centric Security Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report State of Data Centric Security

More information

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Sponsored by AccessData Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute

More information

IBM QRadar Security Intelligence: Evidence of Value

IBM QRadar Security Intelligence: Evidence of Value IBM QRadar Security Intelligence: Evidence of Value Independently conducted by Ponemon Institute LLC February 2014 Ponemon Institute Research Report Background IBM QRadar: Evidence of Value Ponemon Institute:

More information

2015 Global Cyber Impact Report

2015 Global Cyber Impact Report 2015 Global Cyber Impact Report Sponsored by Aon Risk Services Independently conducted by Ponemon Institute LLC Publication Date: April 2015 2015 Global Cyber Impact Report Ponemon Institute, April 2015

More information

The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan

The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute Research Report

More information

State of SMB Cyber Security Readiness: UK Study

State of SMB Cyber Security Readiness: UK Study State of SMB Cyber Security Readiness: UK Study Sponsored by Faronics Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report Part 1. Introduction

More information

Challenges of Cloud Information

Challenges of Cloud Information The Challenges of Cloud Information Governance: A Global Data Security Study Sponsored by SafeNet Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research

More information

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Independently Conducted by Ponemon Institute LLC February 2012 Leading Practices in Behavioral

More information

Achieving Data Privacy in the Cloud

Achieving Data Privacy in the Cloud Achieving Data Privacy in the Cloud Study of Information Technology Privacy and Compliance of Small to Medium-Sized Organizations in germany Sponsored by microsoft Independently Conducted by Ponemon Institute

More information

The Role of Governance, Risk Management & Compliance in Organizations

The Role of Governance, Risk Management & Compliance in Organizations The Role of Governance, Risk Management & Compliance in Organizations Study of GRC practitioners Sponsored by RSA, The Security Division of EMC Independently conducted by Ponemon Institute LLC Publication

More information

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Sponsored by McAfee Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research.

More information

2015 Global Megatrends in Cybersecurity

2015 Global Megatrends in Cybersecurity 2015 Global Megatrends in Cybersecurity Sponsored by Raytheon Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report 2015 Global Megatrends in

More information

2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition

2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition 2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition Sponsored by Silver Tail Systems Independently conducted by Ponemon Institute, LLC Publication Date: October 2012 Ponemon Institute

More information

Fifth Annual Study on Medical Identity Theft

Fifth Annual Study on Medical Identity Theft Fifth Annual Study on Medical Identity Theft Sponsored by the Medical Identity Fraud Alliance with support from: Kaiser Permanente, ID Experts, Experian Data Breach Resolution and Identity Finder, LLC

More information

The State of USB Drive Security

The State of USB Drive Security The State of USB Drive Security U.S. survey of IT and IT security practitioners Sponsored by Kingston Independently conducted by Ponemon Institute LLC Publication Date: July 2011 Ponemon Institute Research

More information

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season Sponsored by RSA Security Independently conducted by Ponemon Institute, LLC Publication Date: October 2013 Ponemon

More information

Cost of Data Center Outages January 2016 Data Center Performance Benchmark Series

Cost of Data Center Outages January 2016 Data Center Performance Benchmark Series Cost of Data Center Outages January 2016 Data Center Performance Benchmark Series Independently conducted by Ponemon Institute LLC Publication Date: January 2016 Cost of Data Center Outages Ponemon Institute,

More information

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc.

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc. Survey on the Governance of Unstructured Data Independently Conducted and Published by Ponemon Institute LLC Sponsored by Varonis Systems, Inc. June 30, 2008 Please Do Not Quote Without Express Permission.

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

Sponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA

Sponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA Sponsored by Zimbra Independently conducted by Ponemon Institute LLC Publication Date: November 2014 Ponemon Institute

More information

Advanced Threats in Retail Companies: A Study of North America & EMEA

Advanced Threats in Retail Companies: A Study of North America & EMEA Advanced Threats in Companies: A Study of North America & EMEA Sponsored by Arbor Networks Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report

More information

Perceptions about Self-Encrypting Drives: A Study of IT Practitioners

Perceptions about Self-Encrypting Drives: A Study of IT Practitioners Perceptions about Self-Encrypting Drives: A Study of IT Practitioners Executive Summary Sponsored by Trusted Computing Group Independently conducted by Ponemon Institute LLC Publication Date: April 2011

More information

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners 0 Global Survey on Social Media Risks Survey of IT & IT Security Practitioners Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication Date: September 2011 1 Global Survey on

More information

Efficacy of Emerging Network Security Technologies

Efficacy of Emerging Network Security Technologies Efficacy of Emerging Network Security Technologies Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part

More information

Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers

Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute

More information

2015 Cost of Data Breach Study: United States

2015 Cost of Data Breach Study: United States 2015 Cost of Data Breach Study: United States Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC May 2015 Ponemon Institute Research Report 2015 1 Cost of Data Breach

More information

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013 The Post Breach Boom Sponsored by Solera Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part 1. Introduction The Post Breach

More information

State of Web Application Security U.S. Survey of IT & IT security practitioners

State of Web Application Security U.S. Survey of IT & IT security practitioners State of Web Application Security U.S. Survey of IT & IT security practitioners Sponsored by Cenzic & Barracuda Networks Independently conducted by Ponemon Institute LLC Publication Date: March 2011 Ponemon

More information

Cyber Threat Intelligence: Has to Be a Better Way

Cyber Threat Intelligence: Has to Be a Better Way Exchanging Cyber Threat Intelligence: There Has to Be a Better Way Sponsored by IID Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research Report Exchanging

More information

Big Data Analytics in Cyber Defense

Big Data Analytics in Cyber Defense Big Data Analytics in Cyber Defense Sponsored by Teradata Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Big Data Analytics in Cyber

More information

2013 Cost of Data Breach Study: Global Analysis

2013 Cost of Data Breach Study: Global Analysis 2013 Cost of Data Breach Study: Global Analysis Benchmark research sponsored by Symantec Independently Conducted by Ponemon Institute LLC May 2013 Ponemon Institute Research Report Part 1. Executive Summary

More information

2013 Cost of Data Breach Study: Global Analysis

2013 Cost of Data Breach Study: Global Analysis 2013 Cost of Data Breach Study: Global Analysis Benchmark research sponsored by Symantec Independently Conducted by Ponemon Institute LLC May 2013 Ponemon Institute Research Report Part 1. Executive Summary

More information

The economics of IT risk and reputation

The economics of IT risk and reputation Global Technology Services Research Report Risk Management The economics of IT risk and reputation What business continuity and IT security really mean to your organization Findings from the IBM Global

More information

Moving Beyond Passwords: Consumer Attitudes on Online Authentication A Study of US, UK and German Consumers

Moving Beyond Passwords: Consumer Attitudes on Online Authentication A Study of US, UK and German Consumers Moving Beyond Passwords: Consumer Attitudes on Online Authentication A Study of US, UK and German Consumers Sponsored by Nok Nok Labs, Inc. Independently conducted by Ponemon Institute LLC Publication

More information